This is what we got:
**False positives for Compromised status on iOS 11.3 and 11.3.1 devices by Jordan Cardinal **
The VMware AirWatch teams have received reports on false positives for compromised detection on some devices running iOS 11.3 and 11.3.1. This may occur on VMware AirWatch Agent, Workspace ONE, Container or any of the VMware productivity applications.
This article will be updated as our teams continue to actively investigate the issue.
To prevent un-enrollment of devices which encounter the false compromised detection, we recommend temporarily disabling the Compromised Protection setting under Groups & Settings > All Settings > Apps > Settings & Policies > Security Policies > Compromised Protection until the VMware AirWatch teams have identified the root cause of the issue.
Disabling Compromised Protection will prevent immediate unenrollment of a device when it is detected to be compromised (even for false positives).
Alternatively, to track and detect compromised devices, a compliance policy can be created to detect Compromised devices and Admins can be notified to take an action.
Our product team has been engaged and is actively working to resolve the issue.